CS Jan-Feb 2024
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>2024</strong> predictions<br />
disinformation campaigns. The threat of AIempowered<br />
cyber-attacks are understood by<br />
many. A 2023 survey showed that 81% of<br />
respondents were concerned about the<br />
potential risks associated with the rise of<br />
generative AIs like ChatGPT, while only 7%<br />
were optimistic that AI tools could enhance<br />
internet safety. In <strong>2024</strong>, those concerns may<br />
be vindicated.<br />
Brian Martin, director of product<br />
management, Integrity360<br />
In <strong>2024</strong>, we foresee the evolution of threat<br />
exposure management taking hold as a<br />
concept in the market. With many prevalent<br />
and upcoming technologies centred on CTEM<br />
[Continuous Threat Exposure Management]<br />
at present, it suggests that it's going to start<br />
becoming mainstream next year.<br />
CTEM will enable organisations to be more<br />
proactive about identifying and assessing key<br />
problem areas in the attack surface that has<br />
grown substantially in the last couple of years.<br />
However, this will extend beyond simply<br />
identifying and addressing vulnerabilities,<br />
enabling organisations to alter their posture,<br />
looking at users, security controls and other<br />
key pieces of the puzzle needed to change<br />
to ensure best practices are embraced. A more<br />
widespread embrace of CTEM is also likely to<br />
accelerate the convergence of key security<br />
tools.<br />
When we talk about threat exposure<br />
management, there's a few different pillars,<br />
products and capabilities, including: external<br />
attack surface management, cyber asset<br />
management, attack path management,<br />
digital risk protection, vulnerability assessment<br />
and management, and continuous testing.<br />
Currently, these are all separate products -<br />
that's likely to change in the year ahead.<br />
Consolidation is going to be a theme for<br />
<strong>2024</strong>, as previously standalone products<br />
continue to become features of broader<br />
overarching solutions, such as CTEM<br />
programmes.<br />
Jamal Elmellas, chief operating officer<br />
at Focus-on-Security<br />
Skills shortages will begin to be felt, due to<br />
them being cumulative. There is an annual<br />
shortfall of 11,200 cybersecurity employees,<br />
according to UK Government research, and<br />
this is cumulative, which means year-on-year<br />
the shortage is intensifying.<br />
Moreover, an increase in demand for cyber<br />
roles of 30% and growth in employment<br />
of 10% over the course of 2022 indicates<br />
demand is also on the up. In <strong>2024</strong>, the<br />
shortages of skilled cybersecurity employees<br />
will start to bite and businesses will no<br />
longer be able to keep doing what they have<br />
been doing and recruit from the same small<br />
pool of talent. Recruitment strategies will<br />
have to become more creative in a bid to<br />
identify raw talent, if security teams don't<br />
want to be left short staffed.<br />
Emergence of more low cost or free<br />
training schemes to boost intake. Industry<br />
bodies have already taken proactive action,<br />
with the likes of (ISC)2 offering a million free<br />
entry level certification courses and exams,<br />
while in the US a number of universities have<br />
launched free online courses. Advances in<br />
the provision of courses online mean this is<br />
now a viable low-cost alternative. So, next<br />
year we can expect to see more subsidised or<br />
free training, in a bid to attract more people<br />
into the sector or to upskill professionals to<br />
fill those roles that are in high demand.<br />
A brain drain as more senior execs leave the<br />
field, due to stress and burnout. Stress levels<br />
continue to be high, with incidents and alert<br />
levels on the rise, which means we are on<br />
track to realise Gartner's prediction of 50%<br />
of cybersecurity leaders changing jobs and<br />
25% leaving by 2025. Thus far that exodus<br />
has been tempered by the cost-of-living<br />
crisis, but, as inflation stabilises and confidence<br />
returns, there will be an exodus at the<br />
top. Given the years of experience needed to<br />
fill these roles, this could seriously destabilise<br />
security teams and stall security projects.<br />
Guido Grillenmeier, Semperis: good to<br />
see that there is a bigger focus placed<br />
on identity protection.<br />
Amit Sinha, DigiCert: AI technologies will<br />
allow attackers to create fake websites,<br />
watering holes and phishing websites<br />
like never before.<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Jan</strong>/<strong>Feb</strong> <strong>2024</strong> computing security<br />
13